@scatman75 I do use a second WIFI with the 5.10 image which is in my case IPv6-only with "WPA2 PSK (CCMP)" encryption. I did compile it myself to include Wireguard (manually enable BLAKE2 for the kernel).
What is the Guest WIFI encryption set to?
I sent you an email with the config. Maybe you can discover the problem.
@patient0
Thanks for your contribution. Maybe I'll try to compile a version myself.
I use WPA2 PSK (CCMP) as encryption for the guest WLAN.
@arinc9 on a random node: the 'extsw' interface is visible. Does that make sense or is there a way not have it visible since we don't really need that anymore.
@scatman75 if you're up to it you can use the image I created:
MEGA link: openwrt asus_rt-ac88u dsa v5.10 with-luci-wireguard.trx,
SHA256: fdecff7eb68e28cd24da6c9eea6580f2328194c5dda144f352892fbd7a29f94b
I just recreated it and updated my router again to make sure it works since I compiled one with the 5.15 kernel in between.
As I mentioned it is compiled from the @arinc9's master-realtek-work-asus_rt-ac88u branch with luci-ssl and luci-app-wireguard enabled.
arinc9
127
Yeah, it's supposed to be there. Now that we have a DSA driver, DSA tagged frames are sent to this interface to distinguish the switch ports, hence the lan5@extsw, lan6@extsw, etc. interfaces.
Without the DSA driver, the realtek switch operates as a dumb switch, meaning we send untagged frames (or dot1q tagged frames if the switch firmware can figure out the MAC address to/from headers on the frame) to the extsw interface and the realtek switch does switching stuff (learning MAC addresses behind each port and register them on its CAM table) to deliver that frame to the desired switch port.
arinc9
128
Can you try @patient0's build before I go ahead? I got my router deployed at campus so it'd take a bit of work to downgrade to 5.10 and test your config.
Morning @arinc9, ok I understand.
@scatman75 : Or you can sent me your network config and I'll give it a go. I have a stand-in router I can use for the normal day stuff (without the IPv6 only network).
1 Like
@arinc9 @patient0
I tried @patient's build, but there is no change...no connection with guest WiFi, regular WiFi is working well.
Here is you can find my config with modified passwords:
backup-AP_QU-2021-10-05.tar.gz
login: root
password: admin123
Would be great if you can check it on your router.
@scatman75 Do I understand correct that there's a DHCP server for 192.168.5.0/24 but it's not this OpenWrt box for you?
And where does the guest network get it's IP from? Also from an external DHCP server?
@patient0
You figured it out right. The gateway for both VLANs is an OPNsense software router that also offers DHCP as a service for both VLANs. The ASUS is just one of the APs on the network.
VLAN 1: 192.168.5.0/24 -> GW 192.168.5.1, DNS 192.168.5.1
VLAN 3: 192.168.190.0/24 -> gw 192.168.190.1, DNS 192.168.190.1
@scatman75 : ok, I have to see how I can replicate that.
Your OPNsense box is on port 1 I assume. Do you get an IP address from the VLAN 3 range on port 3?
I would guess that is more a problem with VLANs than WIFI - but it's really just a guess.
On port 1 only VLAN 3 is tagged, VLAN 1 is untagged. I assume you untag VLAN 1 on the OPNsense box? This would make VLAN 3 the only tagged traffic.
@patient0
First of all, thank you for your efforts to help me.
Port 1 is the uplink port to a managed switch. This switch is connected to the main switch which is connected to the OPNsense router.
I got an IP address with kernel 5.4 alias arinc9s version (21.02), while connecting a laptop to port 3. I haven't tried it with kernel 5.10 alias the current master.
You're right. VLAN 3 is the only tagged VLAN on this AP. There are a total of 5 VLANs (Main, Guest, IoT, Entertain, Wan) on the main switch and the other two APs.
I'll try your build (5.10 with Wireguard) and plug a laptop into port 3 to see if it can get an IP address of the desired IP range.
Well, I ran the test by connecting a laptop with @patient0's firmware to port number 3. As expected, the laptop has received an IP address of the correct subnet, see the picture of the Macbook below.
Next up is @arinc9's v5.15 image.
I dusted off my APU2 with OPNsense on it and configured a VLAN3 on the LAN1 port. LAN1 of APU2 is connected directly to LAN1 on ASUS RT-AC88U. That should simulate @scatman75's setup for testing.
On LAN3 I get an IP from the 192.168.190.0/24 range correctly with either OpenWrt 21.02 with kernel 5.4 or the newer images with 5.10 or 5.15 - as @scatman75 did too.
Guest WiFi only works on 21.02 with kernel 5.4, it doesn't work with either kernel 5.10 or 5.15.
On my Linux Laptop the log hint that there's a timeout while trying to get an IP from the DHCP (see below, third to last line).
Oct 07 10:25:21 xps-9550 wpa_supplicant[754]: wlp2s0: Associated with 4e:ed:fb:9f:12:39
Oct 07 10:25:21 xps-9550 wpa_supplicant[754]: wlp2s0: CTRL-EVENT-CONNECTED - Connection to 4e:ed:fb:9f:12:39 completed [id=0 id_str=]
Oct 07 10:25:21 xps-9550 wpa_supplicant[754]: wlp2s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Oct 07 10:25:21 xps-9550 kernel: IPv6: ADDRCONF(NETDEV_CHANGE): wlp2s0: link becomes ready
Oct 07 10:25:21 xps-9550 NetworkManager[2739]: <info> [1633595121.7753] device (wlp2s0): supplicant interface state: associating -> completed
Oct 07 10:25:21 xps-9550 NetworkManager[2739]: <info> [1633595121.7753] device (wlp2s0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network "Home_Qu_L1"
Oct 07 10:25:21 xps-9550 NetworkManager[2739]: <info> [1633595121.7754] device (p2p-dev-wlp2s0): supplicant management interface state: associating -> completed
Oct 07 10:25:21 xps-9550 NetworkManager[2739]: <info> [1633595121.7755] device (wlp2s0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed')
Oct 07 10:25:21 xps-9550 systemd-udevd[2992]: regulatory.0: Process '/sbin/crda' failed with exit code 255.
Oct 07 10:25:21 xps-9550 NetworkManager[2739]: <info> [1633595121.7811] dhcp4 (wlp2s0): activation: beginning transaction (timeout in 45 seconds)
Oct 07 10:25:21 xps-9550 avahi-daemon[716]: Joining mDNS multicast group on interface wlp2s0.IPv6 with address fe80::668:7f47:5a27:9830.
Oct 07 10:25:21 xps-9550 avahi-daemon[716]: New relevant interface wlp2s0.IPv6 for mDNS.
Oct 07 10:25:21 xps-9550 avahi-daemon[716]: Registering new address record for fe80::668:7f47:5a27:9830 on wlp2s0.*.
Oct 07 10:25:25 xps-9550 wpa_supplicant[754]: wlp2s0: CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
Oct 07 10:25:32 xps-9550 systemd[1]: NetworkManager-dispatcher.service: Succeeded.
Oct 07 10:26:06 xps-9550 NetworkManager[2739]: <warn> [1633595166.7660] dhcp4 (wlp2s0): request timed out
Oct 07 10:26:06 xps-9550 NetworkManager[2739]: <info> [1633595166.7661] dhcp4 (wlp2s0): state changed unknown -> timeout
Oct 07 10:26:06 xps-9550 NetworkManager[2739]: <info> [1633595166.7662] device (wlp2s0): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed')
Changing WiFi encryption to 'Open' didn't help (as expected but had to try nevertheless).
I'm none the wiser but maybe a wiser man knows where to look further (WiFi driver or DSA switch driver?).
Edit/Addition: With kernel 5.15 I can't connect to either Home_Qu_L2_5G or Home_Qu_L2 also. On my mobile it is stuck at "Optaining IP address..."
You went to great lengths to reproduce the situation. Thanks for that. Even if there seems to be a problem, I'm glad to see that it wasn't a simple configuration mistake.
arinc9
138
I’m keeping track of this issue and will work on it when I have time.
arinc9
139
Sorry for the long delay. The bcm53xx target was moved over to DSA two days ago. I have just sent my patch adding support for Asus RT-AC88U. Can you try this image too whether you still have the issue?
Use openwrt-bcm53xx-generic-asus_rt-ac88u-squashfs.trx. It's compiled on the latest of master branch without the realtek DSA driver.
If you're still having issues, it shouldn't be related to my changes.
I tried it a couple of minutes ago. The behavior is still the same. Constantly trying to connect to the WLAN (you see the device on the status page as well as on the wireless page) but no connection can be established.
But this seems natural, because of the following behavior:
BusyBox v1.34.1 (2021-10-23 18:48:39 UTC) built-in shell (ash)
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt SNAPSHOT, r17818-17b2c5531d29
-----------------------------------------------------
root@AP_SQ:~# ping 192.168.5.1
PING 192.168.5.1 (192.168.5.1): 56 data bytes
64 bytes from 192.168.5.1: seq=0 ttl=64 time=0.822 ms
64 bytes from 192.168.5.1: seq=1 ttl=64 time=0.677 ms
64 bytes from 192.168.5.1: seq=2 ttl=64 time=0.720 ms
64 bytes from 192.168.5.1: seq=3 ttl=64 time=0.798 ms
^C
--- 192.168.5.1 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 0.650/0.719/0.822 ms
root@AP_SQ:~# ping 192.168.190.1
PING 192.168.190.1 (192.168.190.1): 56 data bytes
^C
--- 192.168.190.1 ping statistics ---
41 packets transmitted, 0 packets received, 100% packet loss
root@AP_SQ:~#
Compare the results with 21.02.0 (kernel 5.4):
BusyBox v1.33.1 (2021-08-31 22:20:08 UTC) built-in shell (ash)
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt 21.02.0, r16279-5cc0535800
-----------------------------------------------------
root@AP_SQ:~# ping 192.168.5.1
PING 192.168.5.1 (192.168.5.1): 56 data bytes
64 bytes from 192.168.5.1: seq=0 ttl=64 time=0.935 ms
64 bytes from 192.168.5.1: seq=1 ttl=64 time=0.518 ms
64 bytes from 192.168.5.1: seq=2 ttl=64 time=0.741 ms
^C
--- 192.168.5.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.518/0.731/0.935 ms
root@AP_SQ:~# ping 192.168.190.1
PING 192.168.190.1 (192.168.190.1): 56 data bytes
64 bytes from 192.168.190.1: seq=0 ttl=64 time=0.685 ms
64 bytes from 192.168.190.1: seq=1 ttl=64 time=0.746 ms
64 bytes from 192.168.190.1: seq=2 ttl=64 time=0.572 ms
^C
--- 192.168.190.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.572/0.667/0.746 ms
root@AP_SQ:~#
With the snapshot tagging seems not possible, at least with the current configuration. E.g. when I change the untagged setting of port 1 (VLAN 1/VID 1) to tagged (of course I changed the setting on the switch as well), no connection to the router can be established on the tagged port.
arinc9
141
OK, looks like this is a problem with kernel 5.10. I uploaded an image using the 5.4 kernel on the same release page. Can you give that a try?
